Jeremy C. Reed wrote:
> On Fri, 2 Feb 2007, Quentin Garnier wrote:
>
>> For one thing because you can use an interpreted language such as PERL
>> to do almost anything (granted, PERL is not installed in base, and other
>> languages in base might be too limited).
>
> Maybe someone can document or point to a quick howto on how to use
> veriexecctl for that?
>
>> But you can also use LD_PRELOAD to make ld.so load and later run your
>> code.
>
> We already have:
> bool _rtld_trust; /* False for setuid and setgid programs */
>
> Maybe we can extend that to have a sysctl tunable.
the reason I want to avoid implementing the solutions for now is that
*I* am not satisfied with piggy-backing veriexec for the interpreter
issue, and ideally there should be no linker changes for this feature.
-e.